A crypto clipper is malware that watches the clipboard for cryptocurrency wallet addresses and replaces them with an attacker-controlled address before the victim pastes the value. It does not need to steal passwords or encrypt files; it profits by silently redirecting a payment.
This matters because clipboard use is routine and often trusted. If a user copies a Bitcoin, Ethereum, or other wallet string, the malware can swap in a lookalike address in milliseconds, causing funds to be sent to the wrong destination. Clipper code is often delivered through loaders, scripts, or other staged malware so it can stay hidden until a transaction is about to happen. Defenders look for suspicious clipboard access, unusual script or process behavior, and endpoint alerts on systems used for crypto transfers. Users can reduce risk by verifying the full destination address before sending and by treating copied wallet text as untrusted until checked.
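The full-address check recommended above, as an added Python example that is not part of the original page: it compares the address the user intended with the text about to be pasted and flags a lookalike that agrees only in the characters a quick glance would cover. The function names, the `glance` parameter and the sample addresses are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Constructed sample values (not real wallets): 0x-style hex strings.
INTENDED = "0x1111aaaa2222bbbb3333cccc4444dddd5555eeee"
LOOKALIKE = "0x1111ffff0000ffff0000ffff0000ffff0000eeee"  # same first/last chars
UNRELATED = "0x9999ffff0000ffff0000ffff0000ffff00001234"


class Verdict(NamedTuple):
    status: str                 # "match", "lookalike" or "mismatch"
    first_diff: Optional[int]   # index of first differing character, None on match


def _normalise(addr: str) -> str:
    """Strip clipboard whitespace; fold case only for 0x-prefixed hex addresses."""
    addr = addr.strip()
    # Hex addresses are case-insensitive; other formats are compared exactly.
    return addr.lower() if addr[:2].lower() == "0x" else addr


def verify_destination(intended: str, pasted: str, glance: int = 4) -> Verdict:
    """Compare the whole address, not just the ends a user tends to eyeball.

    `glance` is the number of leading and trailing characters a person is
    assumed to check visually (hypothetical default of 4).
    """
    if glance < 1:
        raise ValueError("glance must be at least 1")
    a, b = _normalise(intended), _normalise(pasted)
    if a == b:
        return Verdict("match", None)
    # Position of the first difference, or the shorter length if one is a prefix.
    diff = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y),
                min(len(a), len(b)))
    same_ends = a[:glance] == b[:glance] and a[-glance:] == b[-glance:]
    return Verdict("lookalike" if same_ends else "mismatch", diff)


if __name__ == "__main__":
    for label, pasted in [("same", INTENDED), ("lookalike", LOOKALIKE),
                          ("unrelated", UNRELATED)]:
        print(label, verify_destination(INTENDED, pasted))
```

A `lookalike` verdict is the case that a first-and-last-characters check would have passed, which is why the comparison covers every character.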



